Description

Security researcher Ash reported an issue with the Mozilla
Updater on Windows 7 and later versions of Windows. On vulnerable platforms, the
Mozilla Updater can be made to load a specific malicious DLL file from the local
system. This DLL file can run in a privileged context through the Mozilla
Maintenance Service's privileges, allowing for local privilege escalation. The
DLL file can also run in an unprivileged context if the Mozilla Updater is run
directly by a user in the same directory as the file. Local file system access
is necessary in order for this issue to be exploitable.